Skip to content

new version ready

new version ready #12

GitHub Actions / Security audit failed Apr 28, 2024 in 0s

Security advisories found

1 advisory(ies), 1 other

Details

Vulnerabilities

RUSTSEC-2024-0336

rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input

Details
Package rustls
Version 0.20.9
URL GHSA-6g7w-8wpp-frhj
Date 2024-04-19
Patched versions >=0.23.5,>=0.22.4, <0.23.0,>=0.21.11, <0.22.0

If a close_notify alert is received during a handshake, complete_io
does not terminate.

Callers which do not call complete_io are not affected.

rustls-tokio and rustls-ffi do not call complete_io
and are not affected.

rustls::Stream and rustls::StreamOwned types use
complete_io and are affected.